1/8 

E. B. BODEN, ET AL 
END9-1999-0129 US1 (SMB) 



FIG. 1 (flowchart; drawing not reproduced). Boxes, in order: CONFIGURE CONNECTIONS THAT REQUIRE NAT; DEFINE IP SEC NAT POOLS; START INITIATOR MODE CONNECTIONS; START RESPONDER MODE CONNECTIONS; PROCESS SA PAIR UPDATES; END CONNECTION. Reference numerals: 20, 22, 24, 26, 28, 30.



2/8

FIG. 2 (block diagram; drawing not reproduced). Labels: NAT POOLS FOR TYPE d; global_IP1: pool; NATpool FOR TYPE a, c (appears twice); IPSEC GATEWAY BEING CONFIGURED; GW 1; IPSEC POLICY DATABASE. Reference numerals: 52, 48, 54.



3/8

FIG. 3 (address mapping diagram; drawing not reproduced). Labels: MAP; SRC IP; DEST IP; LHS TO RHS. Reference numerals: 78, 72, 76, 74, 80.



4/8

FIG. 4 (packet field diagram; drawing not reproduced). Labels: SRC IP; SRC PORT; DEST IP; DEST PORT; RHS IP; RHS PORT; HIDE; CONVERSATION. Reference numerals: 90, 98, 114, 116, 94, 96, 100, 102, 106, 108, 110, 112.



5/8

FIG. 5 (mapping diagram; drawing not reproduced). Labels: CONVERSATION START; IMPLICIT MAP; LOCAL CLIENT ID; REMOTE ID (IP ADDR POOL); LHS TO RHS; LOCAL BINDING TABLE (LHS, RHS, TIME STAMP); INACTIVITY TIME; MAP; SRC IP; DEST IP. Reference numerals: 128, 122, 126, 120, 124, 210, 130, 132, 134, 136, 138, 140, 42.

6/8

FIG. 6 (mapping diagram; drawing not reproduced). Labels: CONVERSATION START; IDCi; REMOTE ID; ID (IP ADDR POOL); IMPLICIT MAP; LHS TO RHS; REMOTE BINDING TABLE (LHS, RHS, TIME STAMP); IMPLICIT OUT MAP; SRC IP; DEST IP. Reference numerals: 152, 150, 158, 156, 212, 160, 162, 164, 166, 168, 170, 172.



7/8

FIG. 7 (mapping diagram; drawing not reproduced). Labels: CONVERSATION START; IMPLICIT MAP; IDcr; GLOBAL IP; ID (IP ADDR POOL); LHS TO RHS; LOCAL BINDING TABLE (LHS, RHS, TIME STAMP); MAP; SRC IP; DEST IP. Reference numerals: 188, 182, 180, 186, 214, 190, 192, 194, 196, 198, 200, 202.



8/8

FIG. 8 (block diagram; drawing not reproduced). Labels: SA PAIR UPDATES; VPN POLICY DATABASE; NAT ADDRESSES; so; si; di; SA PAIR TABLE; CONN PROC MEMORY. Reference numerals: 302, 304, 306, 316, 314, 332, 330, 322, 320.



